[DOCS-6320] Comment on: "manual/tutorial/install-mongodb-on-red-hat.txt" Created: 03/Oct/15 Updated: 03/Nov/17 Resolved: 27/Jul/16 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 01112017-cleanup |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Docs Collector User (Inactive) | Assignee: | Kay Kim (Inactive) |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | collector-298ba4e7 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Location: https://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat/ |
||
| Participants: | |
| Days since reply: | 7 years, 29 weeks ago |
| Description |
|
The official MongoDB guide suggests that I add a `.repo` with `gpgcheck=0` over HTTP protocol. I'm getting the feeling that this is a very insecure setup - I am worried about exposing myself to MiTM attacks this way everytime I try to update my system within an untrusted network. Is this actually possible or are there any security mechanisms that I'm not aware of that would protect me from that? If not, is there any way to make this `.repo` setup more secure without relying on my OS's old packages or compiling the program from scratch? |
| Comments |
| Comment by Kay Kim (Inactive) [ 27/Jul/16 ] |
|
JIRA housekeeping. If you need further assistance, please open new ticket for prioritization. Regards, Kay Kim |